Amazon FSx for NetApp ONTAP

Create S3 access points for a volume in NetApp Workload Factory

Contributors netapp-rlithman

Create and attach S3 access points for a volume in NetApp Workload Factory.

About this task

Amazon FSx for NetApp ONTAP lets NFS and SMB file systems access S3 data and connect to AWS services like Amazon Bedrock, SageMaker, Athena, AWS Glue, and more. You can connect AWS services to all of your object storage data.

Attach S3 access points to NFS and SMB volumes in an FSx for ONTAP file system so AWS services access files as if they are in an S3 bucket. When attaching the access point, define a unique ID, select the file access type (UNIX or Windows), and add a username for access authorization.

After you attach the S3 access point, it appears in the AWS Management Console with a unique alias. Use this alias as the S3 bucket name for AWS services, such as Amazon Bedrock, to access files in the FSx for ONTAP volume.

You can attach multiple S3 access points to a single FSx for ONTAP volume, each with a unique access level, to connect to multiple AWS services.

Before you begin

Complete the following requirements before you begin.

Steps
  1. Log in using one of the console experiences.

  2. Select the menu (the hamburger menu icon) and then select Storage.

  3. From the Storage menu, select FSx for ONTAP.

  4. From FSx for ONTAP, select the file system with the volume to update.

  5. From the file system overview, select the Volumes tab.

  6. From the Volumes tab, select the actions menu for the volume you want to use, then select Advanced actions, and then Manage S3 access points.

  7. On the Manage S3 access points page, select Create and attach S3 access point.

  8. On the Create and attach S3 access point page, provide the following information:

    • S3 access point name: Enter the name of the S3 access point.

    • User: Select an existing user with access to the volume or create a new user.

    • User type: Select UNIX or Windows as the user type.

    • Network configuration: Select Internet or Virtual private cloud (VPC). The type of network you choose determines whether the access point is accessible from the internet or restricted to a specific VPC. To use the Journal table feature, you must select Internet as the network configuration.

    • Inventory table: Optional. Requires the getObject permission. Enabling the inventory table on the volume generates metadata for all objects accessible to the S3 access point and incurs AWS S3 request costs. Refer to Amazon S3 pricing documentation for more information. The table updates every 24 hours.

    • S3 access point tags: Optionally, you can add up to 50 tags or remove tags.

  9. Select Create.

Related information

Optionally, you can use the Journal table feature with S3 access points in Workload Factory. The Journal table infrastructure captures and stores audit logs of user access events and object operations across Amazon FSx for ONTAP volume access points. To enable the Journal table feature, you must set up the necessary AWS infrastructure, including AWS CloudTrail, AWS CloudWatch, AWS S3 Buckets, AWS CloudWatch log groups, and AWS Identity and Access Management (IAM) roles and policies. Set up the journal table infrastructure for NetApp Workload Factory.

Other related topics: